Hi All,
I have an account that is constantly being locked within AD after a password change. On our secondary DC Iooking at the event logs it tells me the first DC is the computer that is causing the lockout. I have looked everywhere on this first DC for where this account is used, but cannot find it. On the first DC within about 30 seconds of unlocking this account I can see an event that states that the particular credentials have been explicitly used. Any idea how I can what app/process is using this account.
I have tried resetting the password back to what it used to be, however the account still gets locked out.
Thanks for your help.
Cheers,
Paul
Thanks for this, I have followed the steps provided. On the DC in question with the account in question I can only see event fith failure code 0x12 and not the 0x18 stated in the guide?
Cheers,
Paul